June 23, 2025 Canada’s cybersecurity agency and the U.S. Federal Bureau of Investigation have confirmed that a China-linked hacking group known as Salt Typhoon breached network equipment used by a domestic telecommunications provider in February.

In a joint security bulletin, the Canadian Centre for Cyber Security said the intruders exploited a critical flaw (CVE‑2023‑20198) in Cisco network devices to access configuration files on three systems and set up a GRE tunnel to monitor network traffic .

“The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies. The responsible actors are almost certainly PRC state-sponsored actors, specifically Salt Typhoon,” the agency said .

Investigators noted that similar indicators of compromise have been found across other sectors, suggesting the campaign “is broader than just the telecommunications sector.” They warn Salt Typhoon will “almost certainly” continue targeting Canadian organizations over the next two years.

Salt Typhoon has previously exploited the same Cisco vulnerability in U.S. telecoms and hacked major providers such as AT&T, Verizon, Lumen and Viasat. The flaw was first discovered in October 2023, but at least one Canadian telecom had not applied the patch, enabling the breach.

This has some big implications for Canada:

• State-sponsored cyber activities are escalating, targeting not just telecom but critical infrastructure across sectors.
• Immediate action is needed: organizations are urged to patch known Cisco device vulnerabilities and strengthen perimeter defences.
• Expect continued digital espionage from state-linked hackers—defensive measures must become long-term priorities.